CVE-2022-46150

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type Values Removed Values Added
References () https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b - Patch, Third Party Advisory () https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b - Patch, Third Party Advisory
References () https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv - Third Party Advisory () https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv - Third Party Advisory

Information

Published : 2022-11-29 18:15

Updated : 2024-11-21 07:30


NVD link : CVE-2022-46150

Mitre link : CVE-2022-46150

CVE.ORG link : CVE-2022-46150


JSON object : View

Products Affected

discourse

  • discourse
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor